book

Practical AI Security

Name: Practical AI Security
Author: Harriet Farlow
ISBN: 9781718504660

by Harriet Farlow

June 2026

Intermediate

392 pages

11h 24m

English

No Starch Press

Read now

Unlock full access

Cover Page
Title Page
Copyright Page
About the Author
About the Technical Reviewer
BRIEF CONTENTS
CONTENTS IN DETAIL
FOREWORD
ACKNOWLEDGMENTS
INTRODUCTION
What This Book Is AboutWho This Book Is ForAI Security vs. Cybersecurity vs. AI SafetyThis Book’s StructureThe Python-Based Colab NotebooksWhy Did I Write This Book?Let’s Begin

PART I: AI AND SECURITY FUNDAMENTALS
1 WHAT IS AI?
Defining Machine Learning and the Origins of AIThe First Machine Learning Model: The PerceptronAn Example: Recommending a MovieNeurons and Neural NetworksAn Easy Introduction to the Math of Machine LearningThe Perceptron Formula RevisitedData StructuresMatrices, Dataframes, and TensorsWorking with Models in PythonProcessing DataCreating Training and Test SetsBuilding the ArchitectureCompiling the ModelTraining the ModelEvaluating the ModelDebunking Data Science MythsSummaryResources
2 WORKING WITH MODELS
Machine Learning ApplicationsComputer VisionSignal ProcessingLearning MethodsSupervised vs. Unsupervised ApproachesReinforcement LearningPerforming Reinforcement Learning in PythonGenerative AIThe Evolution of Large Language ModelsThe Embedding SpaceTransformer ModelsReinforcement Learning with Human FeedbackBuilding a Language Model in PythonCreating Multimodal ModelsAgentsAgent Communication ProtocolsAn Agent Communication ExampleAI as a SystemRetrieval-Augmented GenerationAI InfrastructureSummaryResources
3 AI THREATS
The Attack SurfaceThreat ModelingSystem DiagramsExample 1: MITRE ATLAS and OWASPExample 2: MAESTROThreat ActorsTaxonomiesCriminal EnterprisesAdvanced Persistent ThreatsThreats to AIAI Threat IntelligenceTraditional Software VulnerabilitiesAI-Enabled Cyber CrimeAI Weaknesses in ResearchAI Weaknesses in the Real WorldAPT Interest in Intellectual PropertyAI Security vs. Traditional CybersecurityConceptual ModelsVulnerability ScoringUninterpretabilityUnpatchabilityNondeterminismScaleSummaryResources
PART II: ATTACKING AND DEFENDING AI
4 ATTACKS AND WEAKNESSES
The Machine Learning Life Cycle and Attack SurfaceDisruption and Deception MethodsFast Gradient Sign Method and Projected Gradient DescentAdversarial PatchCarlini and Wagner AttacksData PoisoningBackdoorsDisclosure-Based MethodsPrompt InjectionMembership InferenceModel ExtractionSide-Channel AttacksSystem-Level AI ThreatsRetrieval Augmented Generation AttacksSupply Chain RisksRisks to AgentsSummaryResources
5 DEFENSES, CONTROLS, AND MITIGATIONS
Machine Learning DefensesAdversarial TrainingGradient ObfuscationRandomized SmoothingCertified DefensesDefensive DistillationModel EnsemblesStatistical Detection MechanismsSystem-Level Controls and MitigationsInput ValidationInstruction Layer FilteringCybersecurity Controls and MitigationsAgent-Specification ConsiderationsSecurity Across the Life CycleMitigating Real-World AttacksFacial Recognition Bypass (Without Liveness Detection)Facial Recognition Bypass (With Liveness Detection)Denial of Service in MathGPTMalicious Code in Google Colab NotebooksMalware Detector BypassMetamorphic Ransomware VariantsSummaryResources
PART III: THE AI SECURITY ECOSYSTEM
6 RED TEAMING AI
The Red Teaming EcosystemCyber Red TeamingAI Red TeamingOther Testing MethodologiesPlanning an ExerciseSetting ObjectivesDefining the Threat ModelSelecting Adversarial TechniquesChoosing Tools and FrameworksExecuting the Red Team PlanTest Case 1: Prompt InjectionTest Case 2: Prompt FuzzingTest Case 3: Multi-Turn AttacksResponsible Disclosure and ReportingCoordinated Vulnerability DisclosureTechnical vs. Business ReportsReport ExamplesGames and ChallengesSummaryResources
7 ATTACKING AND DEFENDING WITH AI
AI for Cyber DefenseAnomaly and Intrusion DetectionMalware Detection and AnalysisThreat IntelligenceSecurity OperationsAI for Offensive CybersecurityVulnerability Discovery and ExploitationPhishing and Social EngineeringAutonomous Attack AgentsMisinformation and DisinformationCyber Espionage and SurveillanceSummaryResources
8 AI SAFETY
A History of AI SafetyExample: My AI Assistant’s Possible Safety IssuesShort-Term RisksBiasMisuseInterpretabilityJob DisplacementLong-Term RisksAlignment and the Control ProblemFailure ModesEvaluations and BenchmarksTesting for HarmClassifying Toxicity with DetoxifyEvaluating Natural LanguageMeasuring Math AbilityEvaluating ReasoningRating Claude’s Security AdviceMeasuring Agent SafetyMechanistic InterpretabilityActivation PatchingFeature AttributionProbing ClassifiersCircuit AnalysisSummaryResources
9 AI GOVERNANCE
Two Approaches to AI GovernanceCreating Dedicated AI LawsAdapting Sector-Based LawsTypes of GuidelinesPolicyStandardsIndustry FrameworksCase StudiesThe Evolution of Chatbot RegulationsThe Complexities of Regulating Third PartiesDead Rhinos and Responsibility Across JurisdictionsRisk AnalysisQualitative vs. Quantitative ApproachesRapid Risk AuditsBayesian MethodsPrioritization MatrixesImplementing Governance in PracticeAll OrganizationsHigh-Risk Industries and AI DevelopersSummaryResources
10 WHAT’S NEXT FOR AI SECURITY?
Technical ChallengesAgentic AIOpen vs. Closed Model WeightsWeb3Quantum ComputingArtificial General IntelligenceSocial and Organizational ChallengesModel Development vs. LicensingGeopoliticsCommunications and DesignClimateThe Workforce of the FutureGetting into AI SecurityChoosing Your Career PathHoning Your CraftSummaryResources
CONCLUSION: A NEW KIND OF HACKER
FIGURE CREDITS
INDEX

Content preview from Practical AI Security

4ATTACKS AND WEAKNESSES

A robot wearing a cape stands with its arms crossed in front of the curved surface of a planet, with other planets in space in the background.

Adversarial machine learning attacks are methods we can use to compromise weaknesses inherent in the machine learning process—in other words, to hack it. But what does it mean to hack an AI? Let’s consider a couple of examples.

Imagine I’m hosting a dinner at my house, and I fine-tune Khryseai, our robotic assistant, to act as a sommelier (a wine connoisseur). Her task is to choose wines for us that would belong in a world-class wine cellar. During her training phase, suppose an attacker—a frenemy who doesn’t want my dinner party to succeed—adds counterfeit bottles filled with colored water to the “high-quality wine” ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 0642572230326Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Practical AI Security

by Harriet Farlow

4ATTACKS AND WEAKNESSES

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.